Title: Training Cisco Certified Network Associate (CCNA 640-802)
1. Training Cisco Certified Network Associate (CCNA 640-802)
- Mr. Kriangsak Namkot
- jodoi_at_jodoi.com
- jodoi1819_at_hotmail.com
- http://www.jodoi.com
2. Day 2
- Layer 2 Switching and Spanning Tree Protocol (STP)
- Virtual LANs (VLANs), VTP, inter-VLAN routing
- Wide Area Networks, PPP connection, Frame Relay, xDSL
- LAB Configuration
3. Ethernet Switches and Bridges
- Address learning
- Forward/filter decision
- Loop avoidance
4. Transmitting Frames
- Cut-Through
- The switch reads only the destination address and immediately begins forwarding the frame. The FCS is never checked, so corrupted frames are forwarded too.
- Store and Forward
- The complete frame is received and its FCS is checked before forwarding; corrupted frames and runts are dropped.
- Fragment-Free
- The switch checks the first 64 bytes (the minimum legal frame size, so collision fragments are caught), then immediately begins forwarding the frame.
5. MAC Address Table
- The initial MAC address table is empty.
6. Learning Addresses
- Station A sends a frame to station C.
- The switch caches the MAC address of station A on port E0 by learning the source address of data frames.
- The frame from station A to station C is flooded out all ports except port E0 (unknown unicasts are flooded).
7. Learning Addresses (Cont.)
- Station D sends a frame to station C.
- The switch caches the MAC address of station D on port E3 by learning the source address of data frames.
- The frame from station D to station C is flooded out all ports except port E3 (unknown unicasts are flooded).
8. Filtering Frames
- Station A sends a frame to station C.
- The destination is known, so the frame is sent only out the port on which C was learned; it is not flooded.
9. Filtering Frames (Cont.)
- Station A sends a frame to station B.
- The switch has the address of station B in the MAC address table, so the frame goes only to B's port.
10. Broadcast and Multicast Frames
- Station D sends a broadcast or multicast frame.
- Broadcast and multicast frames are flooded to all ports other than the originating port.
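As an added example (written for this page, not code from the slides or from Cisco), the following Python simulates the learning switch of slides 5 to 10 on ports E0 to E3 and the three forwarding modes of slide 4 side by side. The station MAC addresses and frame bytes are constructed for the example, and the FCS byte order is the simulation's own convention; what it shows is that unknown unicasts are flooded, known ones are filtered, and that only store-and-forward drops a frame with a bad FCS.

```python
import zlib

BROADCAST = "ff:ff:ff:ff:ff:ff"
MIN_FRAME = 64            # minimum Ethernet frame size, FCS included


def is_group_address(mac: str) -> bool:
    """Multicast and broadcast MACs have the I/G bit (low bit of the first octet) set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class LearningSwitch:
    """Transparent bridge: learn source MACs, filter known unicasts, flood everything else."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}                     # mac -> port (the CAM table)

    def receive(self, in_port: str, src: str, dst: str) -> list:
        """Return the list of ports the frame is sent out of."""
        # Address learning: bind the source MAC to the ingress port. A frame from the
        # same MAC on another port silently moves the entry (that is MAC spoofing).
        self.mac_table[src] = in_port
        # Forward/filter decision
        if is_group_address(dst) or dst not in self.mac_table:
            return [p for p in self.ports if p != in_port]   # flood
        out = self.mac_table[dst]
        return [] if out == in_port else [out]               # filter or forward


def walkthrough():
    """Replays slides 6 to 10: A on E0, B on E1, C on E2, D on E3 (constructed MACs)."""
    sw = LearningSwitch(["E0", "E1", "E2", "E3"])
    a, c, d = "00:00:0c:00:00:0a", "00:00:0c:00:00:0c", "00:00:0c:00:00:0d"
    steps = [
        sw.receive("E0", a, c),          # slide 6: C unknown, flood E1 E2 E3
        sw.receive("E3", d, c),          # slide 7: flood E0 E1 E2
        sw.receive("E2", c, a),          # C replies: A known, forward only to E0
        sw.receive("E0", a, c),          # slide 8: C now known, forward only to E2
        sw.receive("E3", d, BROADCAST),  # slide 10: broadcast, flood E0 E1 E2
    ]
    return steps, dict(sw.mac_table)


# --- forwarding modes (slide 4) -------------------------------------------------

def make_frame(payload: bytes) -> bytes:
    """Pad to the 64-byte minimum and append a CRC-32 FCS (802.3 polynomial, via zlib)."""
    body = payload.ljust(MIN_FRAME - 4, b"\x00")
    return body + zlib.crc32(body).to_bytes(4, "little")


def fcs_ok(frame: bytes) -> bool:
    body, fcs = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "little") == fcs


def forwards(mode: str, frame: bytes) -> bool:
    """Would a switch in this mode forward the frame?"""
    if mode == "store-and-forward":
        return len(frame) >= MIN_FRAME and fcs_ok(frame)   # whole frame checked
    if mode == "fragment-free":
        return len(frame) >= MIN_FRAME                     # only first 64 bytes seen
    if mode == "cut-through":
        return len(frame) >= 6                             # only the destination MAC
    raise ValueError(mode)


def mode_matrix() -> dict:
    """For each mode: (good frame, frame with a corrupted byte, 30-byte collision fragment)."""
    good = make_frame(b"constructed payload")
    corrupted = bytearray(good)
    corrupted[10] ^= 0xFF                  # flip a byte, FCS no longer matches
    runt = good[:30]
    return {m: (forwards(m, good), forwards(m, bytes(corrupted)), forwards(m, runt))
            for m in ("store-and-forward", "fragment-free", "cut-through")}
```

The second and fourth steps of `walkthrough()` are the two cases slide 8 contrasts: the same A-to-C frame is flooded while C is unknown and unicast once C has been learned.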
11. Forward/Filter Decisions
12. Forward/Filter Decisions (Cont.)
13. Port Security
- Switch(config)#interface fastEthernet 0/1
- Switch(config-if)#switchport mode access
- Switch(config-if)#switchport port-security ?
-   mac-address  Secure mac address
-   maximum      Max secure addresses
-   violation    Security violation mode
-   <cr>
- Switch(config-if)#switchport port-security
- Switch(config-if)#switchport port-security maximum 1
- Switch(config-if)#switchport port-security violation shutdown
- Note: the slide lists only the maximum and violation commands; the bare switchport port-security command is what actually enables the feature, and the port must be a static access port (switchport mode access) or the command is rejected.
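To make the three violation modes concrete, here is an added Python simulation of one secured access port (written for this page; not Cisco code, and the MAC addresses are constructed). It models the page's configuration, maximum 1 with violation shutdown, next to restrict and protect, and shows the side effect a practitioner should know: with shutdown, the second MAC takes the legitimate host offline too.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """One access port with 'switchport port-security' enabled (simulation)."""
    name: str
    maximum: int = 1                     # switchport port-security maximum N (IOS default 1)
    violation: str = "shutdown"          # protect | restrict | shutdown (IOS default shutdown)
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    violation_count: int = 0

    def receive(self, src_mac: str) -> str:
        """Outcome for a frame with this source MAC: forward, drop or err-disabled."""
        if self.err_disabled:
            return "err-disabled"        # nothing passes until shutdown / no shutdown
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)   # dynamically learned secure address
            return "forward"
        # Over the limit: a security violation.
        if self.violation == "protect":
            return "drop"                # silently dropped, no counter, no syslog
        self.violation_count += 1
        if self.violation == "restrict":
            return "drop"                # dropped, counted, syslog / SNMP trap
        if self.violation == "shutdown":
            self.err_disabled = True     # whole port err-disabled, legitimate host included
            return "err-disabled"
        raise ValueError(self.violation)


def scenario(violation: str) -> dict:
    """Legitimate PC on Fa0/1, then a second MAC appears (e.g. a hub or a VM bridge)."""
    port = SecurePort("Fa0/1", maximum=1, violation=violation)
    pc, rogue = "00:1a:2b:3c:4d:5e", "de:ad:be:ef:00:01"   # constructed MACs
    return {
        "pc_first": port.receive(pc),
        "rogue": port.receive(rogue),
        "pc_again": port.receive(pc),
        "violations": port.violation_count,
        "err_disabled": port.err_disabled,
    }
```

Two caveats follow from the model: `shutdown` is a cheap denial of service against the real user of the port (one spoofed frame and the port stays down until an administrator or `errdisable recovery` brings it back), and none of the modes stops an attacker who clones the legitimate MAC, since the table only counts addresses.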
14. Loop Avoidance
- A redundant topology eliminates single points of failure.
- A redundant topology also causes broadcast storms, multiple frame copies, and MAC address table instability.
15. Broadcast Storms
- Host X sends a broadcast.
- The switches continue to propagate the broadcast over and over; Ethernet frames carry no TTL, so nothing ages them out.
16. Multiple Frame Copies
- Host X sends a unicast frame to router Y.
- The MAC address of router Y has not been learned by either switch yet.
- Router Y receives two copies of the same frame.
17. MAC Database Instability
- Host X sends a unicast frame to router Y.
- The MAC address of router Y has not been learned by either switch.
- Switches A and B learn the MAC address of host X on port 0.
- The frame to router Y is flooded.
- Switches A and B then incorrectly learn the MAC address of host X on port 1, when the flooded copy arrives from the other switch.
18. Spanning-Tree Protocol
- Provides a loop-free redundant network topology by placing certain ports in the blocking state.
19. Spanning-Tree Operation
- One root bridge per network
- One root port per nonroot bridge
- One designated port per segment
- Nondesignated ports are unused (blocking)
20. Spanning-Tree Protocol Root Bridge Selection
- BPDU: Bridge Protocol Data Unit (sent every two seconds by default)
- Root bridge: the bridge with the lowest bridge ID
- Bridge ID: bridge priority (default 32768) followed by the MAC address. With the extended system ID the VLAN number is added to the priority, so VLAN 1 displays as 32769. The lower priority wins; on a tie, the lower MAC address wins.
- In the example, which switch has the lowest bridge ID?
- Caveat: BPDUs are not authenticated, so any device that sends BPDUs with a lower bridge ID becomes root and can pull traffic through itself. Enable spanning-tree bpduguard on PortFast access ports (a received BPDU err-disables the port) and spanning-tree guard root on ports that must never become root ports.
21. Spanning-Tree Port States
- Spanning tree transitions each port through several different states: blocking, listening, learning and forwarding (plus disabled).
22. Spanning-Tree Port States (Cont.)
23. Spanning-Tree Path Cost
24. Spanning-Tree Example
25. Spanning-Tree Recalculation
26. Spanning-Tree Convergence
- Convergence occurs when all switch and bridge ports have transitioned to either the forwarding or the blocking state.
- When the network topology changes, switches and bridges must recompute the spanning tree, which disrupts user traffic.
27. Rapid Spanning-Tree Protocol
- RSTP (802.1w) has no Listening state: ports are Discarding, Learning or Forwarding, and convergence is far faster than the 30 to 50 seconds of 802.1D.
28. Rapid Transition to Forwarding
29. Spanning-Tree
- Switch#show spanning-tree vlan 1
  VLAN0001
    Spanning tree enabled protocol ieee
    Root ID    Priority    32769
               Address     0001.96DC.1A62
               Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
    Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
               Address     0010.1116.A3A4
               Aging Time  300
    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/1            Desg FWD 19        128.3    Shr
    Fa0/2            Root FWD 19        128.3    Shr
- Reading the output: both switches have the default priority 32768 (shown as 32769 with sys-id-ext 1), so the neighbour with the lower MAC address 0001.96DC.1A62 is root, and Fa0/2 is this switch's root port. Note that the slide originally printed the bracketed priority as 32770; the correct value is 32768, since 32768 + 1 = 32769.
- To make this switch the root, lower its priority (a multiple of 4096):
- Switch(config)#spanning-tree vlan 1 priority 4096
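The election on slides 20 and 29 as an added Python example (written for this page, not Cisco code): it packs priority, extended system ID and MAC into the 64-bit bridge ID, re-runs the election with the two addresses from the show spanning-tree output above, and then applies the priority 4096 command. The "rogue" entry with priority 0 and a constructed MAC is an assumption added to show why root guard matters.

```python
def bridge_id(priority: int, vlan: int, mac: str) -> int:
    """64-bit bridge ID: 4-bit priority, 12-bit extended system ID (VLAN), 48-bit MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN out of range")
    mac_int = int(mac.replace(".", "").replace(":", "").replace("-", ""), 16)
    if mac_int >= 1 << 48:
        raise ValueError("bad MAC")
    return ((priority + vlan) << 48) | mac_int


def displayed_priority(priority: int, vlan: int) -> int:
    """What 'show spanning-tree' prints as Priority: configured priority + sys-id-ext."""
    return priority + vlan


def elect_root(bridges: dict, vlan: int) -> str:
    """bridges: name -> (priority, mac). Lowest bridge ID wins: priority first, MAC on a tie."""
    return min(bridges, key=lambda n: bridge_id(bridges[n][0], vlan, bridges[n][1]))


def example() -> tuple:
    vlan = 1
    # Addresses taken from the 'show spanning-tree vlan 1' output on this page.
    bridges = {
        "neighbour": (32768, "0001.96DC.1A62"),
        "local":     (32768, "0010.1116.A3A4"),
    }
    before = elect_root(bridges, vlan)           # tie on priority, lower MAC wins
    bridges["local"] = (4096, "0010.1116.A3A4")  # spanning-tree vlan 1 priority 4096
    after = elect_root(bridges, vlan)
    # A host that injects BPDUs with priority 0 (constructed MAC) beats both switches.
    bridges["rogue"] = (0, "00:0c:29:aa:bb:cc")
    hijacked = elect_root(bridges, vlan)
    return before, after, hijacked
```

Because the comparison is purely numeric and unauthenticated, the last step is exactly what an attacker does with a BPDU injection tool; the defence is to refuse BPDUs on access ports (bpduguard) rather than to compete on priority.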
30. VTP Modes
- Server
  - Creates VLANs
  - Modifies VLANs
  - Deletes VLANs
  - Sends/forwards advertisements
  - Synchronizes
  - Saved in NVRAM
- Transparent
  - Creates VLANs (locally significant only)
  - Modifies VLANs
  - Deletes VLANs
  - Forwards advertisements
  - Does not synchronize
  - Saved in NVRAM
- Client
  - Forwards advertisements
  - Synchronizes
  - Not saved in NVRAM
31. VTP Operation
- VTP advertisements are sent as multicast frames over trunk links.
- VTP servers and clients synchronize to the highest configuration revision number they hear.
- VTP advertisements are sent every 5 minutes or when there is a change.
- Caveat: because the highest revision number wins, any switch (client or server) connected to the domain with a matching domain name and password and a higher revision number overwrites the VLAN database of every server and client. Before connecting a switch, reset its revision to 0 (change its VTP domain name or set it to transparent mode), and always configure a VTP password.
32. Catalyst Default Configuration
- IP address 0.0.0.0
- CDP enabled
- 100BaseT ports autonegotiate duplex mode
- Spanning tree enabled
- Console password: none
33. Configuration Switch
- Erase the configuration:
- Switch#erase startup-config
- Switch#reload
- Check the configuration:
- show running-config
- show spanning-tree
- show vlan
- show interfaces status
- show mac-address-table
- show ip interface brief
34. Configuration Switch 2950
- VLAN 1 is the default VLAN.
- VLANs can be created from VLAN 2 upward (up to 4094; 1002 to 1005 are reserved).
- Example config:
- Switch#show vlan
- Switch#vlan database
- Switch(vlan)#vlan 2 name aaa
- Switch(vlan)#vlan 3 name bbb
- Switch(vlan)#exit
- Switch#configure terminal
- Switch(config)#interface range fastEthernet 0/1 - 24
- Switch(config-if-range)#switchport mode access
- Switch(config-if-range)#switchport access vlan 2
35. Configuration Switch 2960
- VLAN 1 is the default VLAN.
- Example config:
- Switch#configure terminal
- Switch(config)#vlan 2
- Switch(config-vlan)#name Sales
- Switch(config-vlan)#vlan 3
- Switch(config-vlan)#name Marketing
- Switch(config-vlan)#exit
- Switch(config)#interface range fastEthernet 0/1 - 24
- Switch(config-if-range)#switchport mode access
- Switch(config-if-range)#switchport access vlan 2
- Note: the slide wrote interface FastEthernet 0/1-24; a span of ports needs the interface range form, and the prompt then changes to (config-if-range).
36. Configuration Switch 2950, 2960
- Config trunk:
- Switch#configure terminal
- Switch(config)#interface fastEthernet 0/3
- Switch(config-if)#switchport mode trunk
- Switch(config-if)#switchport trunk encapsulation [dot1q | isl]
- The 2960 supports only 802.1Q trunking, so on it there is no need (and no command) to set the trunk encapsulation: switchport trunk encapsulation dot1q is not available. The same is true of the 2950; the encapsulation command exists only on switches that support both ISL and 802.1Q. ISL is Cisco-only; 802.1Q is the IEEE standard.
- Caveat: switchport mode trunk still sends DTP frames. Add switchport nonegotiate on trunks, put every user-facing port in switchport mode access, and shut down unused ports, so a host cannot negotiate a trunk and hop between VLANs.
37. Configuration Switch 2950, 2960
- VLAN Trunking Protocol (VTP)
- Switch#vlan database
- Switch(vlan)#vtp [server | client | transparent]
- Switch(vlan)#vtp domain jodoi
- Switch(vlan)#vtp password password
- or, from global configuration mode:
- Switch#configure terminal
- Switch(config)#vtp mode [server | client | transparent]
- Switch(config)#vtp domain jodoi
- Switch(config)#vtp password password
- Switch#show vtp status
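The revision-number rule of slide 31 and the domain/password configuration of slide 37, as an added Python simulation (written for this page; not Cisco code). The digest is simplified to an MD5 over domain and password, where real VTP hashes the advertisement contents together with the password; switch names, VLAN names and revision numbers are constructed. It shows a client syncing from the server, then a stale switch with a higher revision number wiping the domain, a transparent switch being unaffected, and a rogue with the wrong password being ignored.

```python
import hashlib


class VtpSwitch:
    """Simplified VTP version 1/2 behaviour (simulation)."""

    def __init__(self, name, mode, domain=None, password="", vlans=None, revision=0):
        if mode not in ("server", "client", "transparent"):
            raise ValueError(mode)
        self.name, self.mode = name, mode
        self.domain, self.password = domain, password
        self.vlans = dict(vlans or {1: "default"})
        self.revision = revision

    def _digest(self, domain: str) -> str:
        # Simplified: binds domain name and password. Real VTP hashes the
        # whole summary advertisement with the password mixed in.
        return hashlib.md5(f"{domain}:{self.password}".encode()).hexdigest()

    def create_vlan(self, vid: int, name: str) -> None:
        if self.mode == "client":
            raise PermissionError("VTP clients cannot create VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1       # every database change on a server bumps the revision

    def advertise(self) -> dict:
        return {"domain": self.domain, "digest": self._digest(self.domain),
                "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv: dict) -> str:
        if self.mode == "transparent":
            return "forwarded"       # relayed out other trunks, never applied locally
        if self.domain is None:
            self.domain = adv["domain"]   # factory-default switch adopts the first domain it hears
        if adv["domain"] != self.domain:
            return "ignored (domain mismatch)"
        if adv["digest"] != self._digest(adv["domain"]):
            return "ignored (password mismatch)"
        if adv["revision"] <= self.revision:
            return "ignored (not newer)"
        self.vlans = dict(adv["vlans"])        # higher revision wins, even on a server
        self.revision = adv["revision"]
        return "synchronized"


def scenario() -> dict:
    server = VtpSwitch("SW1", "server", "jodoi", "password", revision=5)
    server.create_vlan(2, "Sales")
    server.create_vlan(3, "Marketing")          # server revision is now 7
    client = VtpSwitch("SW2", "client", "jodoi", "password")
    transparent = VtpSwitch("SW3", "transparent", "jodoi", "password")
    transparent.create_vlan(50, "local-only")   # transparent: local VLAN, revision untouched
    out = {"client_sync": client.receive(server.advertise()),
           "client_vlans": sorted(client.vlans)}
    # The classic outage: a switch that used to live in this domain, now holding only
    # VLAN 1 but a higher revision number, is plugged into a trunk. Even a client wins.
    stale = VtpSwitch("SW-old", "client", "jodoi", "password", revision=20)
    out["server_accepts_stale"] = server.receive(stale.advertise())
    out["server_vlans_after"] = sorted(server.vlans)
    out["client_accepts_stale"] = client.receive(stale.advertise())
    out["transparent"] = transparent.receive(stale.advertise())
    out["transparent_vlans"] = sorted(transparent.vlans)
    # A rogue server that guesses the domain but not the password is rejected.
    rogue = VtpSwitch("SW-rogue", "server", "jodoi", "guess", revision=99)
    out["rogue"] = server.receive(rogue.advertise())
    return out
```

The password check is the only thing standing between the domain and the rogue in the last step, which is why "vtp password" is not optional in practice; the stale-switch case shows that the password does not protect against a trusted but forgotten device.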
38. Configuring IP Phone Voice Traffic
- Switch#configure terminal
- Switch(config)#mls qos
- Switch(config)#interface f0/1
- Switch(config-if)#switchport priority extend ?
-   cos    Override 802.1p priority of devices on appliance
-   trust  Trust 802.1p priorities of devices on appliance
- Switch(config-if)#switchport priority extend trust
- Switch(config-if)#mls qos trust cos
- Switch(config-if)#switchport voice vlan dot1p
- Switch(config-if)#switchport mode access
- Switch(config-if)#switchport access vlan 3
- Switch(config-if)#switchport voice vlan 10
- Note: switchport voice vlan dot1p (voice frames tagged in VLAN 0 with a CoS value) and switchport voice vlan 10 (voice frames tagged in VLAN 10) are alternatives; the later command replaces the earlier one.
- Caveat: switchport priority extend trust tells the phone to trust the CoS markings of the PC plugged into it, so a PC can mark its own traffic as voice priority. The default, switchport priority extend cos 0, rewrites the PC's markings.
39. Example config on the router
40. Lab 1
- PC1: 192.168.1.1/24, VLAN 2
- PC2: 192.168.1.2/24, VLAN 3
- PC3: 192.168.1.3/24, VLAN 4
- PC4: 192.168.1.4/24, VLAN 5
- PC5: 192.168.1.5/24, VLAN 2
- PC6: 192.168.1.6/24, VLAN 3
- PC7: 192.168.1.7/24, VLAN 4
- PC8: 192.168.1.8/24, VLAN 5
41. Lab 2
- Same PC addressing and VLAN assignment as Lab 1.
42. Wide Area Networks
- WAN connection types:
- Leased line -> HDLC, PPP -> synchronous
- Circuit switched (ISDN) -> HDLC, PPP -> asynchronous
- Packet switched -> Frame Relay -> synchronous
- Cell switched -> ATM -> asynchronous
- DTE -> Data Terminal Equipment (the customer side)
- DCE -> Data Circuit-terminating Equipment (the provider side; it supplies the clock)
- show controllers serial 0 shows whether the interface is the DTE or the DCE end of the cable.
- Cisco HDLC is proprietary, so both ends of an HDLC link must be Cisco routers; use PPP to interoperate with other vendors.
43. Configuration Router
- Diagram: router (DTE) connected to a CSU/DSU (DCE). In the lab, with a back-to-back serial cable, one router plays the DCE end and must supply the clock.
- DCE side:
- Router(config)#interface serial 0
- Router(config-if)#ip address 10.10.10.2 255.255.255.0
- Router(config-if)#clock rate 64000
- Router(config-if)#encapsulation hdlc
- DTE side:
- Router(config)#interface serial 0
- Router(config-if)#ip address 10.10.10.1 255.255.255.0
- Router(config-if)#bandwidth 64
- Router(config-if)#encapsulation hdlc
- show controllers serial 0 shows whether the interface is DTE or DCE.
44. PPP Authentication Protocols: PAP (Password Authentication Protocol)
- Passwords are sent in clear text, in a two-way handshake (username and password in one request).
- The peer being authenticated is in control of attempts, so it can retry as often as it likes.
45. Challenge Handshake Authentication Protocol (CHAP)
- Hash values (an MD5 over the packet ID, the shared secret and a random challenge), not the actual passwords, are sent across the link.
- The local router or an external server is in control of attempts and can re-challenge at any time during the session.
46. Configuration Router: PAP
- Topology: R1 S0 <-> S0 R2
- R2:
- R2(config)#username R1 password cisco
- R2(config)#interface S0
- R2(config-if)#encapsulation ppp
- R2(config-if)#ppp authentication pap
- R2(config-if)#ppp pap sent-username R2 password 3com
- R1:
- R1(config)#username R2 password 3com
- R1(config)#interface S0
- R1(config-if)#encapsulation ppp
- R1(config-if)#ppp authentication pap
- R1(config-if)#ppp pap sent-username R1 password cisco
- Note: the slide omits ppp authentication pap; without it neither router demands authentication and the sent-username is never used.
- Troubleshooting: debug ppp authentication, then no debug all.
- The username and password a router sends (ppp pap sent-username) must match a username/password entry on the peer.
47. Configuration Router: CHAP
- Topology: R1 S0 <-> S0 R2
- The CHAP password must be the same on both routers.
- R1:
- R1(config)#username R2 password cisco
- R1(config)#interface S0
- R1(config-if)#encapsulation ppp
- R1(config-if)#ppp authentication chap
- R2:
- R2(config)#username R1 password cisco
- R2(config)#interface S0
- R2(config-if)#encapsulation ppp
- R2(config-if)#ppp authentication chap
- The CHAP username is the peer's hostname (each router answers with its own hostname and looks up the peer's hostname in its username table), and the password must be identical on both sides.
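The two exchanges of slides 44 to 47 as an added Python example (written for this page; not Cisco code). The hostnames and passwords come from the slides; the packet dictionaries and the `PppRouter` class are this example's own model of the RFC 1334 PAP and RFC 1994 CHAP messages. It shows why the username must be the peer's hostname with the same password on both sides, that CHAP fails cleanly when the secrets differ, and that with PAP the password is literally present in the request on the wire.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret.encode() + challenge).digest()


class PppRouter:
    """One end of a serial PPP link; usernames is the 'username X password Y' table."""

    def __init__(self, hostname: str, usernames: dict):
        self.hostname, self.usernames = hostname, usernames
        self._id = 0
        self._outstanding = {}            # id -> challenge we sent and still await

    # --- CHAP: authenticator challenges, peer answers, authenticator verifies ---
    def chap_challenge(self) -> dict:
        self._id = (self._id + 1) & 0xFF
        challenge = os.urandom(16)        # fresh random value, so replies cannot be replayed
        self._outstanding[self._id] = challenge
        return {"code": "Challenge", "id": self._id, "value": challenge, "name": self.hostname}

    def chap_respond(self, pkt: dict) -> dict:
        # The responder looks up the *authenticator's* hostname in its username table,
        # which is why the username configured must be the peer's hostname.
        secret = self.usernames[pkt["name"]]
        return {"code": "Response", "id": pkt["id"],
                "value": chap_response(pkt["id"], secret, pkt["value"]),
                "name": self.hostname}

    def chap_verify(self, pkt: dict) -> bool:
        challenge = self._outstanding.pop(pkt["id"], None)
        secret = self.usernames.get(pkt["name"])
        if challenge is None or secret is None:
            return False
        expected = chap_response(pkt["id"], secret, challenge)
        return hmac.compare_digest(expected, pkt["value"])

    # --- PAP: peer sends its credentials in the clear, authenticator compares ---
    def pap_request(self, sent_username: str, sent_password: str) -> dict:
        return {"code": "Authenticate-Request", "peer-id": sent_username, "password": sent_password}

    def pap_verify(self, pkt: dict) -> bool:
        return self.usernames.get(pkt["peer-id"]) == pkt["password"]


def chap_both_ways(r1: PppRouter, r2: PppRouter) -> bool:
    """'ppp authentication chap' on both interfaces: each router challenges the other."""
    return (r1.chap_verify(r2.chap_respond(r1.chap_challenge()))
            and r2.chap_verify(r1.chap_respond(r2.chap_challenge())))


def scenario() -> dict:
    # Slide 47: R1 has 'username R2 password cisco', R2 has 'username R1 password cisco'.
    r1 = PppRouter("R1", {"R2": "cisco"})
    r2 = PppRouter("R2", {"R1": "cisco"})
    chap_ok = chap_both_ways(r1, r2)
    # Same hostnames, but R2's copy of the secret differs: the MD5 values do not match.
    chap_bad = chap_both_ways(r1, PppRouter("R2", {"R1": "wrong"}))
    # Slide 46: R1 sends 'ppp pap sent-username R1 password cisco'; R2 holds 'username R1 password cisco'.
    r1_pap = PppRouter("R1", {"R2": "3com"})
    r2_pap = PppRouter("R2", {"R1": "cisco"})
    on_the_wire = r1_pap.pap_request("R1", "cisco")
    return {"chap_ok": chap_ok, "chap_bad": chap_bad,
            "pap_ok": r2_pap.pap_verify(on_the_wire),
            "pap_wire_password": on_the_wire["password"]}
```

The CHAP response is an unkeyed MD5 over a short secret, so a captured challenge/response pair is still vulnerable to offline dictionary guessing; CHAP protects against sniffing and replay, not against weak passwords.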
48. Frame Relay Overview
- Connections are made by virtual circuits, each identified on the local link by a DLCI.
- Connection-oriented service
49. Frame Relay Stack
  OSI Reference Model   Frame Relay
  Application           -
  Presentation          -
  Session               -
  Transport             -
  Network               IP/IPX/AppleTalk, etc.
  Data-Link             Frame Relay
  Physical              EIA/TIA-232, EIA/TIA-449, V.35, X.21, EIA/TIA-530
50. Frame Relay Terminology
51. Selecting a Frame Relay Topology
- Frame Relay is by default a nonbroadcast multiaccess (NBMA) network.
52. Configuration Router
- Frame Relay, point-to-point (no sub-interface)
- Router(config)#interface S0
- Router(config-if)#encapsulation frame-relay [cisco | ietf]
- Router(config-if)#ip address 10.10.10.1 255.255.255.252
- Router(config-if)#bandwidth 256
- Router(config-if)#frame-relay lmi-type [cisco | ansi | q933a]
53. Configuration Router
- Frame Relay, point-to-point (sub-interfaces)
- Router(config)#interface S0
- Router(config-if)#no ip address
- Router(config-if)#encapsulation frame-relay [cisco | ietf]
- Router(config-if)#interface S0.2 point-to-point
- Router(config-subif)#ip address 10.10.10.1 255.255.255.0
- Router(config-subif)#bandwidth 128
- Router(config-subif)#frame-relay interface-dlci 120
- Router(config-subif)#interface S0.3 point-to-point
- Router(config-subif)#ip address 20.20.20.1 255.255.255.0
- Router(config-subif)#bandwidth 128
- Router(config-subif)#frame-relay interface-dlci 110
54. Configuration Router
- Frame Relay, point-to-multipoint (sub-interface)
- Router(config)#interface S0
- Router(config-if)#no ip address
- Router(config-if)#encapsulation frame-relay
- Router(config-if)#interface S0.2 multipoint
- Router(config-subif)#ip address 10.10.10.1 255.255.255.0
- Router(config-subif)#bandwidth 256
- Router(config-subif)#frame-relay map ip 10.10.10.2 120 broadcast
- Router(config-subif)#frame-relay map ip 10.10.10.3 110 broadcast
- The broadcast keyword makes the router replicate broadcasts (for example routing updates) onto that DLCI, which an NBMA interface does not do by itself.
55. Digital Subscriber Line
56. Digital Subscriber Line (Cont.)
60. VPI and VCI values used with ADSL
61. PPPoE Configuration
- !
- interface FastEthernet4
-  pppoe enable group global
-  pppoe-client dial-pool-number 1
- !
- interface Dialer 0
-  ip address negotiated
-  ip mtu 1452
-  encapsulation ppp
-  dialer pool 1
-  dialer-group 1
-  ppp authentication chap callin
-  ppp chap hostname Todd
-  ppp chap password 0 lammle
- !
- Notes: the reduced ip mtu leaves room for the PPPoE and PPP headers inside the 1500-byte Ethernet MTU; callin means the router only authenticates itself to the ISP and does not demand authentication in return; and ppp chap password 0 stores the ISP credential in clear text in the configuration (type 0), so anyone who can read the running config has it.
62. Virtual Private Networks
- Types of VPNs: there are three categories.
- Remote access VPNs allow remote users such as telecommuters to securely access the corporate network wherever and whenever they need to.
- Site-to-site VPNs, or intranet VPNs, allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet, instead of requiring more expensive WAN connections like Frame Relay.
- Extranet VPNs allow an organization's suppliers, partners, and customers to be connected to the corporate network in a limited way for business-to-business (B2B) communications.
63. Virtual Private Networks
- Four of the most common tunneling protocols:
- Layer 2 Forwarding (L2F) is a Cisco-proprietary tunneling protocol and was Cisco's first tunneling protocol for virtual private dial-up networks (VPDNs). A VPDN allows a device to use a dial-up connection to create a secure connection to a corporate network. L2F was later replaced by L2TP, which is backward compatible with L2F.
- Point-to-Point Tunneling Protocol (PPTP) was created by Microsoft to allow the secure transfer of data from remote networks to the corporate network. Caveat: PPTP's authentication (MS-CHAPv2) and encryption (MPPE) are broken, and it should not be relied on for confidentiality today.
- Layer 2 Tunneling Protocol (L2TP) was created by Cisco and Microsoft to replace L2F and PPTP, merging the capabilities of both into one tunneling protocol. L2TP itself does not encrypt; in practice it is run over IPsec (L2TP/IPsec).
- Generic Routing Encapsulation (GRE) was developed by Cisco and is now an IETF standard (RFC 2784). It forms virtual point-to-point links, allowing a variety of protocols to be encapsulated in IP tunnels. GRE provides neither encryption nor authentication; for a VPN it is combined with IPsec.
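An added Python example of the GRE encapsulation described above (written for this page; not Cisco code). It packs and parses the RFC 2784 GRE header, with the optional checksum, around a constructed inner payload; the outer IP header that a router would add is left out. Besides showing what "encapsulated in IP tunnels" means on the wire, it makes the caveat above visible: the inner bytes travel unchanged, and the checksum only detects corruption, not tampering.

```python
import struct

ETHERTYPE_IPV4 = 0x0800      # protocol type for an IPv4 packet inside GRE
GRE_FLAG_CHECKSUM = 0x8000   # the C bit in the first 16-bit word


def ones_complement_checksum(data: bytes) -> int:
    """Internet checksum (as used by IP, TCP and GRE) over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                               # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def gre_encap(payload: bytes, protocol: int = ETHERTYPE_IPV4, checksum: bool = True) -> bytes:
    """Prefix payload with a GRE header. Version 0, optional checksum, no key/sequence."""
    flags = GRE_FLAG_CHECKSUM if checksum else 0
    header = struct.pack("!HH", flags, protocol)
    if checksum:
        header += struct.pack("!HH", 0, 0)           # checksum field zero while computing
        csum = ones_complement_checksum(header + payload)
        header = header[:4] + struct.pack("!HH", csum, 0)
    return header + payload


def gre_decap(packet: bytes) -> tuple:
    """Return (protocol, payload); raise ValueError on a bad version or checksum."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, protocol = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = 4
    if flags & GRE_FLAG_CHECKSUM:
        if len(packet) < 8:
            raise ValueError("truncated GRE checksum")
        offset = 8
        # The whole GRE packet (checksum field included) must sum to zero.
        if ones_complement_checksum(packet) != 0:
            raise ValueError("bad GRE checksum")
    return protocol, packet[offset:]


def demo() -> dict:
    # Constructed inner packet standing in for an IPv4 datagram.
    inner = b"constructed inner packet: SECRET payload"
    tunnelled = gre_encap(inner)
    return {
        "overhead": len(tunnelled) - len(inner),     # 8 bytes with checksum, 4 without
        "plaintext_visible": b"SECRET" in tunnelled,  # GRE is not encryption
        "round_trip": gre_decap(tunnelled) == (ETHERTYPE_IPV4, inner),
    }
```

Anyone on the path between the tunnel endpoints can read or rewrite the inner packet and recompute the checksum, which is why GRE on its own is a routing tool and the IPsec layer is what turns it into a VPN.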
64. Virtual Private Networks (Cont.)